Hi, I'm using the keycloak Admin API to create a new user with the "subscriptor" role from my application. I've found issue KEYCLOAK-6080 [1] in Jira which says that you first have to create the user and then set the roles. That's what I'm trying to do. 1- First, get a token for the Admin API using the admin user from the master realm: curl -d "client_id=admin-cli" \ -d "MYUSERNAME" \ -d "MYPASSWORD" \ -d "grant_type=password" \ "https://mykeycloakserver/auth/realms/master/protocol/openid-connect/token" 2- set shell variable "access_token" with the provided access_token 3- Change the user firstName and realmRoles of the "demo-rails-app" realm curl -X PUT \ -H"Content-Type: application/json" \ -H "Authorization: Bearer ${access_token}" -d '{"realmRoles":["subscriptor"], "firstName":"NEW FIRST NAME"}'\ https://mykeycloakserver/auth/admin/realms/demo-rails-app/users/80ef4038-... The firstName of the user field is properly updated, however the user realm roles are not modified. Am I doing something wrong?. I've tried to pass a string instead of an array or use the role ID instead of the role name but neither of them worked. Regards, Alfonso ------ 1 - https://issues.jboss.org/browse/KEYCLOAK-6080